Keeping your policies aligned while best practice guidance changes

With 2022 well underway PPS are expecting to be kept very busy this year reviewing recent changes made to best practise guidance published by organisations such as NCSC and ISO. The changes in the newly published guidance will require any organisation that writes and maintains IT policies to invest considerable time and effort in reviewing the new guidance.

Fortunately for our subscription and maintenance-based customers our subject matter experts have been busy reviewing the changes. We will shortly be providing full guidance on this to communicate the impact of the changes, and make the update exercise efficient and painless. All part of the service!

In January NCSC introduced an upgrade to the Cyber Essentials requirements which are covered in more detail below. ISO are due to release a new version of their 27002 guidance that incorporates significant changes, based on draft content that is currently available for review. We will be dedicating a number of newsletters to those 27002 changes in the coming months.

Cyber Essential Plus scheme updated

As mentioned above NCSC have released a version upgrade to the existing Cyber Essentials (CE) requirements. There are significant changes resulting from this, which have been assessed by our subject matter experts and will be incorporated in a V21 release scheduled for delivery in March.

V21 will be available for customers of our new generation Policy Management as Service offering, and existing versions of the IT Policy System for customers under a current support/maintenance contract.

As policy statement wording is impacted by the new CE requirements, PPS will be providing a document that provides proposed statement change options that our customers will need to consider in order to be aligned with the latest guidance.

Examples of changes in the new version guidance are:

• Home working requirement added
• Cloud services are now in scope
• Multi-factor authentication requirements are extended to cover the use of cloud services
• Further information on unsupported applications in the ‘security management control’
• The bring your own device (BYOD) section has been updated
• The wireless devices section been updated

Drop us a note if you wish to discuss the impact of the changes to Cyber Essentials Plus requirements in advance of the V21 release and we can book in a call.

Essentials and Premium versions taking off

Having onboarded over 40 new and existing customers to the Essentials and Premium versions in the latter part of 2021 we have been able to capture a lot of customer feedback, which has helped shape our thinking regarding ongoing enhancements and improvements.

We have also made some new video clips about IT Policy Management as a Service which can be viewed on our website. Click here to view the videos.

Roadmap for Essentials and Premium Versions

During 2022 we plan to release two functionality upgrades for the IT Policy Management Software. The first upgrade release is scheduled for April and will provide the following –

Essentials and Premium:

• Support Resources Menu addition providing online options to Request support, Request a feature, Report a bug, Request your Change Log Report.
• The change request process goes online – all customer requests for changes to policy statements, job titles etc can all be made from within the policy management software and saved for future reference or audit purposes. Once the request has been actioned by our team they will send out a confirmation. All communication on queries associated with a change request will also be conducted and recorded online.
• Ability for site primary user to change the default user viewing role from U (User) to either U (User), M (Manager) or T (Technical).
• Ability to export Stakeholder review comments to CSV.
• New report – show all current policy review dates.

Premium Only:

• New report – an additional compliance report in the Premium version will allow you to identify the status of acceptances per user per policy so that those who have not completed their reviews and acceptances can be followed up.

If you would like to see how IT Policy Management as a Service makes the development, delivery and maintenance of IT Policies very easy then feel free to contact us for a 20 minute demonstration.